Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
f
fresh-wire-95028
10/21/2021, 4:03 PMI created a resource outside the pulumi stack (manually in the console). But I make a reference to it in the pulumi stack. However...when I try to take down my stack, it tries to take down my external resource. Any way I can prevent this?
aws:iam:SamlProvider (default):
error: Preview failed: unable to delete resource "urn:pulumi:toli::xxx::aws:iam/samlProvider:SamlProvider::default"
as it is currently marked for protection. To unprotect the resource, either remove the `protect` flag from the resource in your Pulumiprogram and run `pulumi up` or use the command:
`pulumi state unprotect urn:pulumi:toli::xxx::aws:iam/samlProvider:SamlProvider::default`p
prehistoric-activity-61023
10/21/2021, 4:11 PMHow did you make a reference to it? If you didn’t import it, I’d say pulumi shouldn’t touch it.
Anyway, considering it wants to delete it, I guess it must exist in the state. Try to:
• export the stack state using
pulumi stack exportpulumi upf
fresh-wire-95028
10/21/2021, 4:12 PMI just give it the ARN:
new aws.ec2clientvpn.Endpoint(endpointName, {
..
authenticationOptions: [
{
type: 'federated-authentication',
samlProviderArn: 'ARN GOES HERE',
},
],
});p
prehistoric-activity-61023
10/21/2021, 4:13 PMhah, that’s interesting 🤔
it’s gonna be a stupid question but are you sure that’s the resource pulumi wants to delete?
f
fresh-wire-95028
10/21/2021, 4:17 PMbtw I'm not sure I get the concept of what happens in a
pulumi stack exportpending operationsp
prehistoric-activity-61023
10/21/2021, 4:18 PMpulumi stack export• your code is your desired state
• what you see as an output from
pulumi stack exportrequired actions are computed based on the difference between those two
that’s why if you happen to have any inconsistencies or something went totally wrong during
pulumi upf
fresh-wire-95028
10/21/2021, 4:20 PMwell according to this error message...
aws:iam:SamlProvider (default):
error: Preview failed: unable to delete resource "urn:pulumi:toli::xxx::aws:iam/samlProvider:SamlProvider::default"
as it is currently marked for protection. To unprotect the resource, either remove the `protect` flag from the resource in your Pulumiprogram and run `pulumi up` or use the command:
`pulumi state unprotect urn:pulumi:toli::xxx::aws:iam/samlProvider:SamlProvider::default`pulumi import aws:iam/samlProvider:SamlProvider ...importp
prehistoric-activity-61023
10/21/2021, 4:21 PMyes!
I think that’s it 🙂
that’s why I asked you in the first place if you imported this resource
and you did
that’s why it was added to your state (you can confirm that by finding this resource in state JSON file)
f
fresh-wire-95028
10/21/2021, 4:21 PMah...I didn't realize that's what import does. I thought you actually need to copy and paste the code it gives you
p
prehistoric-activity-61023
10/21/2021, 4:22 PMbut because you didn’t add the proposed code, it looks like you would like to remove it
once again -> your code is a desired state
state -> this is what pulumi thinks is the current state of your cloud
f
fresh-wire-95028
10/21/2021, 4:22 PMis there a way I can import stuff without having it add to the state without me adding the proposed code?
i.e. I just want the proposed code
p
prehistoric-activity-61023
10/21/2021, 4:23 PMI think you’re still missing the point a little bit
let me try to rephrase this or write an extended example so we’re on the same page
1. In the beginning you state is empty.
2. When you add e.g.
new aws.ec2clientvpn.Endpointpulumi upaws.ec2clientvpn.Endpointafter successful update,
aws.ec2clientvpn.Endpointurnthat’s why next time you run
pulumi upif you remove it from the source code, there’s a diff and pulumi generates
DELETEif you want to manage something that was already created outside of pulumi stack you need to import it
you cannot just write the code for it because it will result in
CREATEif you import it, pulumi will modify the stack accordingly and give you a piece of code to match it (so there’s no diff between the code and state)
so if you import something, you have to add the code - otherwise it doesn’t make any sense
BUT if you want to use an already existing resource, just reference it without doing the actual import
you can either write the literal arn OR if you want to have a resource instance, you can use
getLook up an Existing SamlProvider Resourcef
fresh-wire-95028
10/21/2021, 4:32 PMAaaah gotcha. Ok this makes a lot of sense.
And yes, your theory worked. I deleted the saml provider resource from the state, and was able to tear down my
tolip
prehistoric-activity-61023
10/21/2021, 4:34 PMyou’re welcome 🙂
to sum up: if you import something to pulumi stack state, pulumi will own/manage it
so if you don’t want some resource to be a part of the stack, don’t import it -> use get if necessary or just pass the arn